The frequently-used Shortcut key of Ollydbg
|Ctrl + F2||restart debugging|
|F7||execute next code,If meet the CALL instruction,step in the function|
|F8||execute next code,If meet the CALL instruction,Only Call the function without step in(step over)|
|F4||execute until cursor|
|F9||run to BreakPoint,if without BP ,run until end|
|\*||show the position of EIP|
|-||show the previous position of cursor|
|Alt + M||show the be loaded *.dll|
the method of find function:
- Search String
- set API BP
- in the *.dll
- in the main function
if you want to change the string ,you can write something in the Extra memory space(Null padding),and patch the string point where push the address of the first byte.
when the Executable file be loaded in memory ,it can be distribution 1000byte memory space,although the file only use 100byte ,but when the file be loaded in memory,it can be distribution 1000byte memory space, so the other free space,be fill with NULL.